Implement Redshift Proof System #1
Comments
BTW I was wondering why Redshift and why not verify the PLONK proof directly in Ethereum? Not sure if I understand this correctly, but it looks like it is possible.
@mimoo It is technically possible, yes, but the direct verification cost for a circuit used for Mina's state proof turns out to be overwhelming. It definitely exceeds 5m gas. Probably goes out of the 10m threshold as well. So we had to wrap it with the proof system with a cheaper verification.
Interesting, how would that compare with plonky2 which seems to use the same kind of techniques?
@mimoo When this project was started, no such thing as plonky2 existed. Even if it did, I highly doubt we would've picked it because it cannot be considered a general-purpose proof system. Plonky2 is a proof system done for the only purpose: to dominate the synthetic benchmark results table. It targets the recursive verification case done with circuits of a very particular kind (no signature or finite field elements longer than 64 bits can be proved efficiently with it, i.e. no efficient Mina's proof systems curves processing is possible with it) for very particular hardware (arm64). Even the curve which was picked for plonky2 (for the by-default usage) was picked with the only purpose in mind: to show the fastest benchmark results with very particular hardware (https://moderncrypto.org/mail-archive/curves/2014/000322.html). What we are building is a general-purpose proof system that can be applied to different use cases. It does use PLONK with custom gates and the LPC commitment scheme as well, yes, but there are differences in the arithmetization part, public input enforcement method, and lookup approach. We will publish a spec in a couple of weeks. I'm also thinking that eventually all those PLONK-ish proof systems will result in some configurable proof system with substitutable components. At least we target the creation of such one within the cryptography suite of ours.
Interesting, thanks for the thorough answer, I found some of these details here as well :)
Done with: NilFoundation/crypto3-zk@5a60299
Duplicates corresponding issue in Zero-Knowledge proofs repository.